Certificate of Cloud Security Knowledge (CCSK) v.4

Why Obtain the CCSK?

As enterprises and consumers move greater amounts of sensitive information to the cloud, employers struggle to find information security leaders who have the necessary breadth and depth of knowledge to establish cloud security programs protecting sensitive information.

The CCSK lets the marketplace know you are ready for the challenge with the first credential dedicated to cloud security, offered by the world’s thought leader in cloud security.

Since Cloud Security Alliance first released the Certificate of Cloud Security Knowledge (CCSK) in 2010, thousands of IT and security professionals have taken the opportunity to upgrade their skillsets and enhance their careers by obtaining the CCSK. It was no surprise to us when Certification Magazine listed CCSK at #1 on the Average Salary Survey 2016.

IT Pros Rank CCSK #1 Certification

In a recent survey of over 6,000 certified IT professionals, Certification Magazine found the Cloud Security Alliance's CCSK certification ranked #1 in average salary amongst professionals.

Get your CCSK Preparation Kit Today!

Preparation Kit includes:

  • CCSK Preparation Guide
  • CCSK Guidance v3.0 Sample questions
  • ENISA Cloud Computing Risk Assessment

The CCSK Exam is based on CSA Guidance v3.0.

Download your kit

CCSK Training

We highly recommend CCSK training. As with any IT certification, formal training is an excellent way to improve your chance of successfully passing the exam, sharing real-world experiences with your peers and getting cloud systems hands-on to apply the best practices.

CCSK Training Courses

CCSK Training Schedule

The CCSK Helps You:

  • Validate your competence gained through experience in cloud security
  • Demonstrate your technical knowledge, skills, and abilities to effectively develop a holistic cloud security program relative to globally accepted standards
  • Differentiate yourself from other candidates for desirable employment in the fast-growing cloud security market
  • Gain access to valuable career resources, such as tools, networking and ideas exchange with peers

The CCSK Helps Employers:

  • Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure cloud business environment
  • Increase your confidence that candidates are qualified and committed to cloud security
  • Ensure practitioners use a universal language, circumventing ambiguity with industry-accepted cloud security terms and practices
  • Increase organizations’ credibility when working with constituents

The CCSK Helps Cloud Providers and Consulting Organizations:

  • Increase revenues by winning more business using expertise demonstrated with certified staff
  • Increase organizations’ credibility and trust when working with clients and vendors

What the Industry Says

"This is the mother of all cloud computing security certifications. The Certificate of Cloud Security Knowledge certification is vendor-neutral, and certifies competency in key cloud security areas.”

~ CIO.com, Top Ten Cloud Computing Certifications

“Having dealt with security since the creation of our Group 60 years ago, at Kudelski Security we are thrilled to leverage CSA’s Cloud Security Knowledge certification to bring our Cyber Security Division’s engineering experts to a common level of understanding of best practices and benefits of cloud computing. When training clients in corporate and public segments on information security standards, we highlight the importance of CSA’s CCSK certification for IT professionals who need to ensure adoption of secure cloud environment in their organizations.”

~ Joel Conus, VP Cyber Security Operations, Kudelski Security

“The CSA, in providing a set of goals through the CCSK, is challenging security practitioners to become the cloud thought-leaders we need today and tomorrow to ensure safe and secure cloud environments. In developing the CCSK, CSA is 'setting the bar' for security professionals and providing business executives a means to gauge the opinions and rhetoric associated with security in the cloud.”

~ Jerry Archer, CSO, Sallie Mae

“With CCSK certification, professionals who have Cloud Computing responsibilities can demonstrate thorough Cloud security knowledge based on the CSA’s catalogue of security best practices.”

~ Patrick Harding, CTO, Ping Identity

"As enterprises move toward cloud computing, they are desperately seeking guidance and education in this new domain. CSA is bridging this gap and the CCSK provides an important first step in establishing baseline knowledge for individuals tasked with building and managing applications to the cloud."

~ Michael Sutton, CISO, Zscaler

Get Ready to take the CCSK Exam

The CCSK is an examination testing for a broad foundation of knowledge about cloud security, with topics ranging from architecture, governance, compliance, operations, encryption, virtualization and much more. The body of knowledge for the CCSK examination is the CSA Security Guidance for Critical Areas of Focus in Cloud Computing V3, English language version, and the ENISA report “Cloud Computing: Benefits, Risks and Recommendations for Information Security”.

The CCSK examination is a timed, multiple choice examination you take online. The examination consists of 60 multiple choice questions selected randomly from our question pool, and must be completed within 90 minutes.

Download your Preparation Kit

Preparation Kit includes:

  • CCSK Preparation Guide
  • CCSK Guidance v3.0 Sample questions
  • ENISA Cloud Computing Risk Assessment

The CCSK Exam is based on CSA Guidance v3.0.

Please fill out the following form to download the CCSK Exam Preparation materials.

Access the CCSK Preparation Materials


CCSK Training

Formal training is an excellent way to improve your chances at successfully passing the exam. We have found that even more important than actually passing the exam is sharing real world experiences with your peers and getting hands on access to cloud systems to apply the best practices. To that end, CSA has developed two courses that address these needs and which we highly recommend:

  • The CCSK Foundation class provides students a comprehensive one day review of cloud security fundamentals, the body of knowledge and prepares them to take the Cloud Security Alliance CCSK v3.0 certificate exam.
  • The CCSK Plus class builds upon the CCSK Foundation class with expanded material and extensive hands-on activities with a second day of training. Students will learn to apply their knowledge as they perform a series of exercises as they complete a scenario bringing a fictional organization securely into the cloud.

These courses are available worldwide via out training partner network.
For more information, click here.

Meet the CCSKs

Certificate of Cloud Security Knowledge holders include some of the industry’s top experts solving real world problems, assisted by their CCSK education. Check out our featured CCSK expert below:

Jan De Clercq

Jan De Clercq

Senior Consultant, HP Consulting and Integration, Hewlett-Packard, Belgium

Jan De Clercq is a solution architect and HP Distinguished Technologist specializing in IT security, identity and access management, cloud computing and Microsoft infrastructures. He is currently working in the HP Technology Services Consulting worldwide IT Assurance Portfolio team where he is the lead architect and content developer for the Cloud Protection, Mobility Protection and Platform Protection services. Jan has over fifteen years of experience in the areas of consulting and technical training. Jan has provided security, cloud, identity management, and Microsoft infrastructure consulting to some of Digital, Compaq and HP’s largest customers. He is a well-respected industry member of the security community and has been invited to present at major security conferences. He also has written security-focused books and articles for industry publications – recently he co-authored the “Cloud Computing Protected”.

Jan was closely involved in the creation of the HP Cloud Protection Reference Architecture (CP RA). This is the HP Technology Services Consulting framework for helping organizations secure hybrid cloud solutions. The reference architecture addresses cloud security holistically by taking into account an organization’s business, functional, technical and implementation cloud security needs and by including the correct people, policy, process, procedure, product as well people controls in the cloud security solution. The CSA cloud security best practices (that are reflected in both the CSA collateral and the CCSK certification) are one of the fundamental building blocks that underpin the HP CP RA. Jan significantly benefited from both the CSA collateral and his CCSK certification while he was building the CP RA and he continuous to take advantage of them in his ongoing customer cloud security engagements.

Avani Desai

Avani Desai

Executive Vice President, Schellman & Company, Inc.

Avani Desai is a Principal and the Executive Vice President at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance, and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations.

Lauren Edmonds

Lauren Edmonds

Senior Manager, Schellman & Company, Inc.

Lauren Edmonds is a Senior Manager at Schellman & Company, Inc.. Prior to joining Schellman, Lauren was a technology risk consultant for Protiviti, Inc., evaluating and assessing global corporations IT control environments and business processes relative to Sarbanes-Oxley compliance. In addition, she has internal audit experience in network security, revenue recognition, IT general controls, and systems development life cycle methodologies. Through the various audits performed, Lauren has evaluated risks and controls for a number of industries including financial services, manufacturing, marketing, distribution and service-based organizations.

David Gibbs

David Gibbs

Chief Technologist, Military Healthcare for HP Enterprise Services, US Public Sector

David Gibbs, CCSK, CISSP, is responsible for the development and execution of strategic and innovative technology initiatives for HP and clients. He maintains roadmaps and innovation agendas, leads research and development efforts, and continually assesses technology capabilities to guide optimized solutions for military healthcare clients.

With over 25 years’ experience, David delivers thought leadership, facilitates understanding and collaboration, and is a catalyst for innovative solutions. For the past decade, David envisioned and architected secure and effective enterprise-level information technology solutions to enable improved delivery of healthcare. He contributed directly to client projects applying his expertise with information security, enterprise architecture, directory services, federated identity management, enterprise management, messaging, and mobile computing.

Recognizing the growing interest in cloud computing among his customers and knowing the level of security required for military and healthcare systems, David completed the Certificate in Cloud Security Knowledge (CCSK) offered by the Cloud Security Alliance. The practical information acquired from the CCSK body of knowledge strengthened David’s understanding of cloud security and empowers him to collaborate effectively with customers and colleagues to evaluate and develop secure cloud computing solutions.

An educator and technologist, David participates in professional and academic activities that bridge computer science, health information technology, and adult education. He enjoys helping people think, understand, construct knowledge, solve problems, and make informed decisions. His passion for teaching has been fueled throughout his career by facilitating formal and informal learning, including delivery of hundreds of information technology certification workshops and also teaching undergraduate courses for two years as a part-time faculty member in a university computer science department.

David maintains a variety of industry certifications and professional memberships relevant to his work with information security and healthcare information technology. His academic preparation includes a Bachelor of Science in Computer Science from East Tennessee State University followed by a Master of Science in Education from California State University – East Bay. David is currently writing a dissertation related to information systems requirements elicitation as he completes a Ph.D. in Adult, Professional, and Community Education at Texas State University.

Stephen Halbrook II

Stephen Halbrook II

Senior Manager, Schellman & Company, Inc.

Stephen Halbrook is a Senior Manager at Schellman & Company, Inc. Stephen is a FedRAMP and FISMA practice leader and assists with service delivery across all service lines including SOC, PCI-DSS, ISO, FedRAMP, FISMA and HIPAA services. Stephen also helps assist large and complex organizations that have multiple compliances needs helping them strategically align their efforts to maximize cost and efficiencies. He has more than 12 years of experience performing attestation and compliance examinations. Prior to Schellman he was with Deloitte’s Audit and Enterprise Risk Services group.

Meet the Early Adopters